Sync entitlements from provisioning-enabled apps

Before you begin

Enable Create Users and Update User Attributes for a provisioning-enabled app that has Governance Engine and provisioning enabled. These settings ensure that entitlements are assigned accurately. To set these options, go to the Provisioning tab of the app instance, and then select To App under Settings.

Detect and import user entitlement changes from downstream apps

When imports are enabled from an app to Okta, Okta identifies during an import whether user entitlements changed in the downstream app. If Okta detects changes to a user's entitlements, their existing grants in Okta are removed and the user is assigned a custom grant of entitlements.

Automatically refresh entitlements from downstream apps

If provisioning is enabled, Okta refreshes the entitlements from the downstream system during full imports.

Manually refresh entitlements from downstream apps

  1. Go to ApplicationsApplications.

  2. Select the app instance.

  3. Go to the Governance tab.

  4. Click Sync entitlements in the banner. This pulls the app's entitlement values from the downstream system into Okta.

Related topics

Revoke entitlements in downstream apps